XORMeBaby wrote: No commands. Just PLACEMENT syntax. If you are in /yabba/dabba/ and want to "Submit a poem" to just /yabba/, what would you put in front of it? Think Basic 8 but without any extra garbage.

I don't get one thing: if the file was going to get saved as "random.txt" or whatever like "random.random", and we put for example "example.abc", why isn't the file going to get written like "example.abc.random"? It will add the automatic extension at the end, right? PM me if the post is spoiling or whatever

ece7498 wrote: I don't get one thing: if the file was going to get saved as "random.txt" or whatever like "random.random", and we put for example "example.abc", why isn't the file going to get written like "example.abc.random"? It will add the automatic extension at the end, right? PM me if the post is spoiling or whatever

thanks

File extensions have nothing to do with this mission. I don't see your argument here?

What bothered me about this mission was the fact that there was no real indication that certain files were in a directory separate from the one that contains the other pages in this mission. Having a look through the original website, there was no reason for me to suspect that I would need to do the thing I did (in terms of directory traversal) to complete this mission.

kxbcjmgzh wrote: What bothered me about this mission was the fact that there was no real indication that certain files were in a directory separate from the one that contains the other pages in this mission. Having a look through the original website, there was no reason for me to suspect that I would need to do the thing I did (in terms of directory traversal) to complete this mission.

Actually, if you think about it, there are clues. You know the original site was overwritten. If you actually found the original site, you see the way to interact with the server. Now, if you take a moment and ask yourself, how did the original page become overwritten, using the information here? The logical answer is that it had been done via a directory traversal attack.
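
Seen from the server side, the overwrite discussed above is stopped by resolving the submitted name against the poem directory before anything is written. The sketch below is an added example, not part of the thread or of the mission's code: the directory /yabba/dabba is borrowed from the first post, and the function names and sample names are hypothetical and constructed.

```python
import posixpath

POEM_DIR = "/yabba/dabba"  # directory name borrowed from the first post (assumption)


class UnsafePath(ValueError):
    """Raised when a submitted name would land outside POEM_DIR."""


def resolve_poem_path(name, base=POEM_DIR):
    """Return the path a submission would be written to, or raise UnsafePath."""
    if not name or "\x00" in name:
        raise UnsafePath("empty name or NUL byte")
    # Treat backslashes as separators too, so "..\\x" is checked like "../x".
    joined = posixpath.join(base, name.replace("\\", "/"))
    candidate = posixpath.normpath(joined)  # collapses "." and ".." lexically
    base = posixpath.normpath(base)
    # commonpath compares whole components, so /yabba/dabba2 is not
    # mistaken for something inside /yabba/dabba.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{name!r} resolves to {candidate}, outside {base}")
    return candidate


def check(names):
    """Classify each submitted name as 'ok' or 'rejected'."""
    results = {}
    for n in names:
        try:
            resolve_poem_path(n)
            results[n] = "ok"
        except UnsafePath:
            results[n] = "rejected"
    return results


if __name__ == "__main__":
    # Constructed sample names, not taken from the mission.
    samples = ["ode.txt", "sub/ode.txt", "../ode.txt", "sub/../../ode.txt",
               "/etc/ode.txt", "..\\ode.txt", "../dabba2/ode.txt"]
    for name, verdict in check(samples).items():
        print(f"{verdict:9} {name}")
```

The check is purely lexical; on a real filesystem the same comparison should be made on the symlink-resolved path (os.path.realpath) as well.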

I really need to stop overthinking these missions. This was so simple and yet it took me an hour to figure out because I overthought the solution. Mission was fun though, it really was more about logic than actual hacking

Question.... Why couldn't I perform a simple SSI command to command Linux-based commands? Is it because the server doesn't necessarily run on Linux or what? I came with a similar approach as in the basic missions because I figured that I'd be able to command the server to perform what I was doing. Realistically I feel that if the person who created this site couldn't get their freakin site back in the first place they obviously aren't smart enough to cancel out those commands. Thus my approach was very similar to the basic mission command. Here's what I did: <!--#exec cmd="mv oldindex.html index.html"--> Basically saying, I'm going to perform the command to move the file "oldindex.html" into "index.html" which should just overwrite the original index.html automatically and rename the old, right? idk I'm a bit confused meh and if you could just go deeper into this topic and describe the logic, what's wrong with this, etc. Feel free to laugh I guess since this site says beware but like really, think I give a fuck? Nope...

In reality, that would probably work, but these are HTS missions, not reality! Basically, HTS checks your submission against what it thinks should be the answer, and if it thinks your solution is correct, lets you pass. It never executes your code (for obvious reasons).

Do not mistake understanding for realization, and do not mistake realization for liberation

I definitely think I have the correct command. I think I know how directory traversal attacks work and I'm pretty sure I understand how it is that the site works. Completed mission 8 and 9 in a breeze and I thought I would complete this one easily as well but I'm not sure why my command doesn't work, I am suspecting it's syntax or could be that I'm totally off.. Anyone open to PMs?